Administration of User Accounts:

5.1 Windows Domain Authentication

You can create local user accounts within the recorder application itself. However, it is more secure to use Windows domain accounts and you may wish to enable this feature - or even restrict access so that only windows domain accounts have access to the system.

Tip

If users are prompted for their domain passwords when they access the web interface, make sure that the recorder is either part of the intranet zone, or make it a trusted site and configure Internet Explorer to automatically log on to trusted sites.

To Enable Windows Domain Authentication:

1. Create a user account (as described below) who's username is domain\username - for example, CORP1\JSmith. Note that the username is case sensitive and must match exactly the case of the username stored in the domain controller.

2.Add properties to the properties file to define either your domain controller or WINS controller as follows:

sso.dc=IP address of domain controller

or

sso.domain=domain name to use sso.wins=IP address of WINS server to use

To Enforce Windows Domain Authentication only:

1.Enable Windows Domain Authentication as above.

2.Log in as an Administrator using a domain account

3.On the Security > Users page, set Allow local user accounts? to No.

5.2Use of SSL

You should consider whether you wish to enforce the use of Secure Sockets Layer (SSL) 78 . By default, users can access the recorder via http (on port 8888) or by encrypted https (on port 8443). You can force users to use the secure https port, by setting Allow unencrypted (http) access? to No on the Security Users administration page. When you do this, any user who attempts to access the recorder through the unsecured (http) route is automatically redirected to the secure (https) address.

The application is distributed with an SSL certificate that is valid for 3 years from the date it was issued. The certificate makes it possible to give users secure access to the server. When users access it through this secure https port, the traffic between their browser and the recorder is automatically encrypted.

However, Internet Explorer will warn your users that the name on the certificate does not match the name of the server using it. You can either advise your users that this is acceptable and should be ignored or, for greater security, you may acquire and install your own SSL certificate.

5.3 Session Inactivity Timeout

If a user does not access the administration or search and replay screen for a period in minutes exceeding this setting, they will have to log in again (unless you are using Windows Domain Authentication 33 ).

IP Office ContactStore 7.8

Page 33

IP Office

15-601038 Issue 4b (06 July 2009)

Page 33
Image 33
Avaya 7.8 manual Windows Domain Authentication, Use of SSL, Session Inactivity Timeout